Google Git
Sign in
go / crypto.git / 69267d27d28d489e67367059db7277e24070482a^! / . / ssh / keys.go
commit69267d27d28d489e67367059db7277e24070482a[log] [tgz]
authorMartin Garton <garton@gmail.com>Fri Jun 10 08:32:25 2016 +0100
committerBrad Fitzpatrick <bradfitz@golang.org>Tue Oct 04 19:14:42 2016 +0000
tree3cab8210eb2438956fd03dacd663823aedbddbe6
parent2cbd8ea802d1adf67a6ef1df6b9ade342c37241d [diff] [blame]
ssh: add CryptoPublicKey interface, expose underlying crypto.PublicKey

When implemented by ssh.PublicKey types, the new CryptoPublicKey
interface exposes the public key in the the crypto.PublicKey form via a
CryptoPublicKey() method.

This is useful for example in a custom ServerConfig.PublicKeyCallback
function to check or record additional details about the underlying
crypto.PublicKey

Change-Id: I4429df42c6fc5119f7c0023a539aaa9c59648bba
Reviewed-on: https://go-review.googlesource.com/23974
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/ssh/keys.go b/ssh/keys.go
index ffcdb18..e13cf9c 100644
--- a/ssh/keys.go
+++ b/ssh/keys.go

@@ -281,6 +281,12 @@
 	Verify(data []byte, sig *Signature) error
 }
 
+// CryptoPublicKey, if implemented by a PublicKey,
+// returns the underlying crypto.PublicKey form of the key.
+type CryptoPublicKey interface {
+	CryptoPublicKey() crypto.PublicKey
+}
+
 // A Signer can create signatures that verify against a public key.
 type Signer interface {
 	// PublicKey returns an associated PublicKey instance.
@@ -348,6 +354,10 @@
 	return rsa.VerifyPKCS1v15((*rsa.PublicKey)(r), crypto.SHA1, digest, sig.Blob)
 }
 
+func (r *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*rsa.PublicKey)(r)
+}
+
 type dsaPublicKey dsa.PublicKey
 
 func (r *dsaPublicKey) Type() string {
@@ -416,6 +426,10 @@
 	return errors.New("ssh: signature did not verify")
 }
 
+func (k *dsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*dsa.PublicKey)(k)
+}
+
 type dsaPrivateKey struct {
 	*dsa.PrivateKey
 }
@@ -509,6 +523,10 @@
 	return nil
 }
 
+func (k ed25519PublicKey) CryptoPublicKey() crypto.PublicKey {
+	return ed25519.PublicKey(k)
+}
+
 func supportedEllipticCurve(curve elliptic.Curve) bool {
 	return curve == elliptic.P256() || curve == elliptic.P384() || curve == elliptic.P521()
 }
@@ -604,6 +622,10 @@
 	return errors.New("ssh: signature did not verify")
 }
 
+func (k *ecdsaPublicKey) CryptoPublicKey() crypto.PublicKey {
+	return (*ecdsa.PublicKey)(k)
+}
+
 // NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey,
 // *ecdsa.PrivateKey or any other crypto.Signer and returns a corresponding
 // Signer instance. ECDSA keys must use P-256, P-384 or P-521.